Computing finite abstractions with robustness margins via local reachable set over-approximation

Yinan Li, Jun Liu, and Necmiye Ozay 


Abstract 

This paper proposes a method to compute finite abstractions that can be used for synthesizing robust 
hybrid control strategies for nonlinear systems. Most existing methods for computing finite abstractions 
utilize some global, analytical function to provide bounds on the reachable sets of nonlinear systems, 
which can be conservative and lead to spurious transitions in the abstract systems. This problem is even 
more pronounced in the presence of imperfect measurements and modelling uncertainties, where control 
synthesis can easily become infeasible due to added spurious transitions. To mitigate this problem, we 
propose to compute finite abstractions with robustness margins by over-approximating the local reachable 
sets of nonlinear systems. We do so by linearizing the nonlinear dynamics into linear affine systems and 
keeping track of the linearization error. It is shown that this approach provides tighter approximations 
and several numerical examples are used to illustrate the effectiveness of the proposed methods.

Index Terms 

Nonlinear systems, temporal logic, control synthesis, reachable set computation. 


I. Introduction 

Construction of finite abstractions for nonlinear systems is a critical step when applying abstraction-based approaches to hybrid control synthesis. Such approaches have gained popularity over the past few years for their ability to handle control problems for complex dynamical systems from high-level, rigorous specifications (see, e.g., piecewise affine systems, polynomial and nonlinear switched systems [5], [6]). The underlying principle of such approaches is to search for a controller in a finite abstraction of the original continuous system, leveraging formal synthesis techniques developed in computer science. As a result, the fidelity of finite abstractions has a significant influence on the result of control synthesis.

Symbolic models that are approximately similar or bisimilar to continuous-time nonlinear systems have been proposed and studied extensively [7]–[10], which provide concrete means for computing finite approximate models often based on state-space discretization. For example, the symbolic models proposed in [7] and [8] are based on approximate bisimulation relations, which require incremental input-to-state stability [11] of the original system. The work by [9] later relaxes the stability requirement and constructs symbolic models that are essentially approximately alternatingly similar to the original system. Such symbolic models are nondeterministic and the computation of transitions relies on a global, analytical function provided by the incremental forward completeness of the dynamics [9].

When dynamical systems are affected by imperfections such as measurement errors, delays, and disturbances, synthesis of robust control strategies using abstraction-based approaches becomes important. Motivated by this, the work by [12] introduces a notion of finite abstractions that are equipped with additional robustness margins to account for imperfections in measurements and/or models. These margins also lead to added nondeterminism in the abstractions.

To increase the fidelity of the nondeterministic finite abstractions, one needs to reduce the number of spurious transitions in the abstractions. One way to do so is to compute tighter approximations of the local reachable sets for nonlinear systems. While local reachable set computation has been used for nonlinear system analysis and verification (see, e.g., [13], [14]), we use it here to compute finite abstractions for robust control synthesis. More specifically, we linearize the nonlinear dynamics and keep track of the linearization errors. Robustness margins are incorporated in the set of initial conditions used for computing local reachable sets. This allows us to use margins that are state-dependent and take into account variations in local dynamics. One major advantage of the proposed approach is that it provides much less conservative abstractions, compared with existing approaches.

Notation: let $\mathbb{Z}$ be the set of integers and $\mathbb{N}$ the set of all nonnegative integers; $\mathbb{R}$ represents the set of all real numbers; $\mathbb{R}_{\ge 0}$ and $\mathbb{R}_{>0}$ are the sets of all nonnegative and all positive real numbers, respectively; $\mathbb{R}^n$ denotes the $n$-dimensional Euclidean space; $\mathbb{Z}^n$ denotes the $n$-dimensional integer lattice (the set of vectors in $\mathbb{R}^n$ whose components are all integers); given a vector $x = (x_1, \cdots, x_n)$ in $\mathbb{R}^n$, let $|x| = (|x_1|, \cdots, |x_n|)$, i.e., the vector obtained by taking the entrywise absolute value of $x$; given two vectors $x = (x_1, \cdots, x_n)$ and $y = (y_1, \cdots, y_n)$, $x \le y$ means $x_i \le y_i$ for all $i \in \{1, \cdots, n\}$ ($x < y$, $x \ge y$, and $x > y$ are similarly defined) and $x \circ y$ indicates the entrywise product, i.e., $x \circ y = (x_1 y_1, \cdots, x_n y_n)$; a vector $x \in \mathbb{R}^n$ is said to be positive if $x > 0 \in \mathbb{R}^n$ and nonnegative if $x \ge 0 \in \mathbb{R}^n$; let $\mathbb{R}^n_{>0}$ and $\mathbb{R}^n_{\ge 0}$ denote the sets of positive and nonnegative vectors in $\mathbb{R}^n$; given vectors $\delta \in \mathbb{R}^n_{>0}$ and $x \in \mathbb{R}^n$, define $B_\delta(x) := \{x' \in \mathbb{R}^n : |x' - x| \le \delta\}$, a hyper-rectangular box centred at $x$; $B_\delta(0)$ is written as $B_\delta$ for short; given $\eta \in \mathbb{R}^n_{>0}$, define $[\mathbb{R}^n]_\eta := \{\eta \circ k \in \mathbb{R}^n : k \in \mathbb{Z}^n\}$ to be a hyper-rectangular grid with granularity parameter $\eta$; given a set $S \subseteq \mathbb{R}^n$ and a vector $\eta \in \mathbb{R}^n_{>0}$, define $[S]_\eta := S \cap [\mathbb{R}^n]_\eta$ to be the set of all grid points in $S$; given two sets $X \subseteq \mathbb{R}^n$ and $Y \subseteq \mathbb{R}^n$, $X \oplus Y$ denotes their Minkowski addition defined as $X \oplus Y := \{x + y \mid x \in X, y \in Y\}$; given a function $f$, $\mathrm{dom}(f)$ denotes its domain.


II. Problem formulation 
A. Continuous-time control system 

We consider a continuous-time control system described by a tuple $\mathcal{T} := (X, X_0, U, f, \Pi, L)$, whose execution is governed by the ordinary differential equation with inputs

$$\dot{x}(t) = f(x(t), u(t)), \tag{1}$$

where $t \in \mathbb{R}_{\ge 0}$, $x(t) \in X \subseteq \mathbb{R}^n$ is the system state, $x(0) \in X_0 \subseteq \mathbb{R}^n$ is the initial state, and $u(t) \in U \subseteq \mathbb{R}^m$ is the control input. A measurable, locally essentially bounded function defined on $[0, \tau]$ taking values in $U$ is called a control signal of duration $\tau$. Let $\mathcal{U}$ be the set of all control signals with arbitrary but finite duration. The vector field $f : \mathbb{R}^n \times \mathbb{R}^m \to \mathbb{R}^n$ is a continuous function that fulfills the basic conditions (see, e.g., [15]) for existence and uniqueness of solutions: given $x_0 \in X$, $T \in \mathbb{R}_{>0}$, and a control signal $u$ of duration $T$, there exists a unique solution, denoted by $\xi(t, x_0, u)$, that satisfies (1) for $t \in [0, T]$ and the initial condition $x(0) = x_0$. The labeling function $L : X \to 2^\Pi$ is a function that maps a state of $\mathcal{T}$ to the set of propositions in $\Pi$ that hold true at this state.
B. LTL control synthesis problem

The desired system behaviors for $\mathcal{T}$ are specified using linear temporal logic (LTL). LTL is able to express a combination of safety, reachability, and invariance properties. It is built upon the set of atomic propositions $\Pi$, the logical operators $\neg$ (negation) and $\wedge$ (conjunction), and the temporal operators $\bigcirc$ (next) and $\mathsf{U}$ (until). An LTL formula $\varphi$ is formed by connecting a finite set of atomic propositions with these operators. In this paper, we use a stutter-invariant fragment of LTL (denoted by LTL$_{\setminus\bigcirc}$), which excludes the operator $\bigcirc$. The syntax of LTL$_{\setminus\bigcirc}$ can be found in [16]. We also assume that all LTL$_{\setminus\bigcirc}$ formulas have been transformed into negation normal form [16, p. 132], by adding the operator $\mathsf{R}$ (release) and replacing any negations of atomic propositions with new atomic propositions.

LTL$_{\setminus\bigcirc}$ semantics for continuous trajectories: Let $\xi$ be a continuous-time trajectory defined on $\mathbb{R}_{\ge 0}$ and $\varphi$ be an LTL$_{\setminus\bigcirc}$ formula. Let $\xi[t]$ denote the state at time $t$, and $\xi[t, \infty)$ denote the part of the trajectory in $[t, \infty)$, $t \ge 0$. Then the semantics of $\xi$ satisfying $\varphi$, denoted by $\xi \models \varphi$, is defined as follows:

• $\xi \models \pi$, $\pi \in \Pi$, iff $\pi \in L(\xi[0])$;

• $\xi \models \varphi_1 \wedge \varphi_2$ iff $\xi \models \varphi_1$ and $\xi \models \varphi_2$;

• $\xi \models \varphi_1 \vee \varphi_2$ iff $\xi \models \varphi_1$ or $\xi \models \varphi_2$;

• $\xi \models \varphi_1 \mathsf{U} \varphi_2$ iff there exists $t' \ge 0$ such that $\xi[t', \infty) \models \varphi_2$ and $\xi[t'', \infty) \models \varphi_1$ for all $t'' \in [0, t')$;

• $\xi \models \varphi_1 \mathsf{R} \varphi_2$ iff for all $t' \ge 0$ either $\xi[t', \infty) \models \varphi_2$ or there exists $t'' \in [0, t')$ such that $\xi[t'', \infty) \models \varphi_1$.

Assume the system state is measured at time $t_k$ with $t_0 = 0$, $0 \le t_k < t_{k+1}$, $k \in \mathbb{N}$. A continuous control strategy is defined as a function $\sigma : x_0, \cdots, x_i \mapsto u_i$ that generates a control signal $u_i \in \mathcal{U}$ for the horizon $[t_i, t_{i+1})$ according to the history of states $x_0, \cdots, x_i$.

We are now ready to formulate the main control synthesis problem this paper aims to address.

Continuous Synthesis Problem: Given a continuous-time control system $\mathcal{T}$ and an LTL$_{\setminus\bigcirc}$ specification $\varphi$, find a nonempty set of initial states $X_0$ and a control strategy $\sigma$ such that the resulting solutions of $\mathcal{T}$ satisfy $\varphi$. The specification $\varphi$ is said to be realizable for $\mathcal{T}$ if such $X_0$ exists.
III. Finite Abstractions with Robustness Margins

This section is devoted to formally defining a notion of abstractions useful for solving robust 
control synthesis problems and proving their correctness and robustness guarantees when solving 
the continuous synthesis problem by discrete synthesis using these abstractions. 


A. Finite abstractions with robustness margins 

In [12], the authors introduced a notion of finite abstractions with additional robustness margins that can effectively handle a range of robustness-related issues in control synthesis, including modelling uncertainty, measurement errors, and jitter or delays in control signals.

This paper aims to improve its computational procedure in two aspects. First, we define the finite abstractions with varying (state-dependent) robustness margins, while [12] uses fixed margins which are often conservatively chosen to cope with the worst case. Second, we construct transitions by way of local reachable set computation, while the results in [12] rely on a global analytical bound that can lead to spurious transitions being added due to variation in local dynamics.

To this end, we shall formally define the notion of finite abstractions with robustness margins using reachable sets.


Definition 1. Given a control signal $u \in \mathcal{U}$ of duration $\tau$ and a set of initial states $X_0$, the reachable set for system (1) at time $\tau$ under this control signal $u$ is defined by

$$\mathcal{R}_{u, X_0}(\tau) := \{\xi(\tau, x_0, u) \mid x_0 \in X_0\}.$$

The reachable tube for system (1) over the interval $[0, \tau]$ is the union of all reachable sets during this time interval, which is

$$\mathcal{R}_{u, X_0}([0, \tau]) := \bigcup_{t \in [0, \tau]} \{\xi(t, x_0, u) \mid x_0 \in X_0\}.$$

With a fixed $u \in U$ and $\tau \in \mathbb{R}_{>0}$, $\mathcal{R}_{u, X_0}(\tau)$ and $\mathcal{R}_{u, X_0}([0, \tau])$ are interpreted with $u$ being a constant control signal on $[0, \tau]$.

We are now ready to define finite abstractions with robustness margins using reachable sets.
Definition 2. Given $\delta \in \mathbb{R}^n_{>0}$ and functions $\Gamma_i : X \to \mathbb{R}^n_{\ge 0}$, $i = 1, 2$, a finite transition system

$$\hat{\mathcal{T}} := (Q, Q_0, A, \to_{\hat{\mathcal{T}}}, \hat{\Pi}, \hat{L})$$

is said to be a $(\Gamma_1, \Gamma_2, \delta)$-abstraction of the continuous-time control system $\mathcal{T} = (X, X_0, U, f, \Pi, L)$, denoted by $\hat{\mathcal{T}} \preceq_{(\Gamma_1, \Gamma_2, \delta)} \mathcal{T}$, if there exists an abstraction map $\Omega : X \to Q$ such that

• $Q$ is a finite subset of $X$;

• $Q_0 = \bigcup_{x \in X_0} \Omega(x)$;

• $A$ is a finite subset of $U$;

• $(q, u, q') \in \to_{\hat{\mathcal{T}}}$ if, under $u \in A$ with duration $\tau$, $q$ and $q'$ satisfy

$$\big(\Omega^{-1}(q') \oplus B_{\Gamma_2(q')}\big) \cap \mathcal{R}_{u,\, \Omega^{-1}(q) \oplus B_{\Gamma_1(q)}}(\tau) \neq \emptyset;$$

• $\hat{L} : Q \to 2^{\hat{\Pi}}$ is defined by $\hat{L}(q) = \bigcap_{x \in B_\delta(q) \cap X} L(x)$, $\hat{\Pi} = \Pi$.

The parameter $\delta$ is used to guarantee that specifications are satisfied even if the controller is synthesized using a finite abstraction with approximation errors. The functions $\Gamma_{1,2}$ provide additional robustness margins that vary with the local dynamics, to account for imperfections such as system delay, measurement or modelling errors, at the price of increasing the nondeterminism in the abstraction.


Example 1. A common and practical type of imperfection involves delays and measurement errors (e.g., noise or quantization). Consider the system $\mathcal{T}$ with a continuous control strategy $\sigma$ subject to a measurement delay $h(t) \in [0, \Delta]$, $\Delta \in \mathbb{R}_{\ge 0}$, and an error $e(t)$ with $|e(t)| \le \varepsilon \in \mathbb{R}^n_{\ge 0}$; the system dynamics becomes

$$\dot{x}(t) = f(x(t), u_i), \quad u_i = \sigma(\tilde{x}(t_0), \cdots, \tilde{x}(t_i)), \qquad \tilde{x}(t_i) = x(t_i - h(t_i)) + e(t_i), \tag{2}$$

where $\tilde{x}$ denotes the measurement of the system state, $t \in [t_i, t_{i+1})$, $t_0 = 0$, $t_i < t_{i+1}$, $i \in \mathbb{N}$, and $\tau_i = t_{i+1} - t_i$ is the time duration of $u_i$.


B. Discrete synthesis problem

An LTL$_{\setminus\bigcirc}$ formula can be interpreted over paths of $\hat{\mathcal{T}}$. A path of $\hat{\mathcal{T}}$ is a sequence of states $\rho = q_0 q_1 q_2 \cdots$ under the corresponding action $a_i \in A$ at each state $q_i \in Q$ while satisfying $(q_i, a_i, q_{i+1}) \in \to_{\hat{\mathcal{T}}}$, $i \in \mathbb{N}$.

LTL$_{\setminus\bigcirc}$ semantics for discrete sequences: Let $\rho = q_0 q_1 q_2 \cdots$ be an infinite discrete sequence and $\varphi$ be an LTL$_{\setminus\bigcirc}$ formula. Let $\rho[i, \infty)$ denote the subsequence $q_i q_{i+1} \cdots$, $i \in \mathbb{N}$. Then the semantics of $\rho$ satisfying $\varphi$, denoted by $\rho \models \varphi$, is defined as follows:

• $\rho \models \pi$, $\pi \in \Pi$, iff $\pi \in \hat{L}(q_0)$;

• $\rho \models \varphi_1 \wedge \varphi_2$ iff $\rho \models \varphi_1$ and $\rho \models \varphi_2$;

• $\rho \models \varphi_1 \vee \varphi_2$ iff $\rho \models \varphi_1$ or $\rho \models \varphi_2$;

• $\rho \models \varphi_1 \mathsf{U} \varphi_2$ iff there exists $j \ge 0$ such that $\rho[j, \infty) \models \varphi_2$ and $\rho[k, \infty) \models \varphi_1$ for all $0 \le k < j$;

• $\rho \models \varphi_1 \mathsf{R} \varphi_2$ iff for all $j \ge 0$ either $\rho[j, \infty) \models \varphi_2$ or there exists some $0 \le k < j$ such that $\rho[k, \infty) \models \varphi_1$.
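As an added example (not code from the paper), the following evaluator implements the five semantic rules above for ultimately periodic paths $\rho = \text{prefix} \cdot \text{loop}^\omega$, which is how an infinite path of a finite transition system is finitely represented. The tuple encoding of formulas, the `LassoPath` class and the label sets used in it are constructions of this example; $\square$ and $\lozenge$ are expressed through $\mathsf{R}$ and $\mathsf{U}$, as in the negation normal form assumed in Section II.B.

```python
# Added example, not code from the paper: LTL\o semantics over ultimately periodic
# discrete sequences (prefix + loop), in negation normal form with and/or/U/R.
from functools import lru_cache
from typing import FrozenSet, List

Formula = tuple  # ('ap', name) | ('true',) | ('false',) | (op, f, g), op in and/or/until/release


def ap(name: str) -> Formula: return ('ap', name)
def conj(f: Formula, g: Formula) -> Formula: return ('and', f, g)
def disj(f: Formula, g: Formula) -> Formula: return ('or', f, g)
def until(f: Formula, g: Formula) -> Formula: return ('until', f, g)
def release(f: Formula, g: Formula) -> Formula: return ('release', f, g)
def always(f: Formula) -> Formula: return ('release', ('false',), f)   # []f == false R f
def eventually(f: Formula) -> Formula: return ('until', ('true',), f)  # <>f == true U f


class LassoPath:
    """rho = L(q_0) L(q_1) ... given as label sets: prefix, then loop repeated forever."""

    def __init__(self, prefix: List[FrozenSet[str]], loop: List[FrozenSet[str]]):
        if not loop:
            raise ValueError("loop must be non-empty")
        self.prefix, self.loop = list(prefix), list(loop)

    def label(self, i: int) -> FrozenSet[str]:
        p = len(self.prefix)
        return self.prefix[i] if i < p else self.loop[(i - p) % len(self.loop)]

    def canonical(self, i: int) -> int:
        """Position inside the first prefix+loop window with the same suffix rho[i, inf)."""
        p = len(self.prefix)
        return i if i < p else p + (i - p) % len(self.loop)

    def window(self) -> int:
        return len(self.prefix) + len(self.loop)


def satisfies(path: LassoPath, phi: Formula, i: int = 0) -> bool:
    """rho[i, inf) |= phi by the five rules. For U and R, scanning one window of
    prefix+loop positions from i suffices: every later suffix repeats one of them."""

    @lru_cache(maxsize=None)
    def sat(f: Formula, j: int) -> bool:
        j = path.canonical(j)
        kind = f[0]
        if kind == 'true':
            return True
        if kind == 'false':
            return False
        if kind == 'ap':
            return f[1] in path.label(j)
        if kind == 'and':
            return sat(f[1], j) and sat(f[2], j)
        if kind == 'or':
            return sat(f[1], j) or sat(f[2], j)
        if kind == 'until':    # exists k >= j: g at k and f at every m in [j, k)
            for k in range(j, j + path.window()):
                if sat(f[2], k):
                    return True
                if not sat(f[1], k):
                    return False
            return False
        if kind == 'release':  # for all k >= j: g at k, or f at some m in [j, k)
            for k in range(j, j + path.window()):
                if not sat(f[2], k):
                    return False
                if sat(f[1], k):
                    return True
            return True
        raise ValueError(f"unknown operator {kind}")

    return sat(phi, i)
```

A formula of the shape $\square\varphi_s \wedge \lozenge\square\varphi_t$ is `conj(always(s), eventually(always(t)))`; checking it against a lasso path whose loop labels always contain `t` returns `True`, while a loop that drops `t` at some position makes $\lozenge\square\varphi_t$ fail.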

Similar to the continuous control strategy, a discrete control strategy for $\hat{\mathcal{T}}$ is a function $\hat{\sigma} : q_0, \cdots, q_i \mapsto a_i$ that maps the history path to a control action. Then we formulate the discrete synthesis problem as follows.

Discrete Synthesis Problem: Given a finite transition system $\hat{\mathcal{T}}$ and an LTL$_{\setminus\bigcirc}$ specification $\varphi$, find a nonempty set of initial states $Q_0$ and a control strategy $\hat{\sigma}$ such that any resulting path satisfies $\varphi$. If such $Q_0$ exists, then $\varphi$ is said to be realizable for $\hat{\mathcal{T}}$.

C. Correctness and robustness guarantees 

In general, the existence of a discrete control strategy a that solves the discrete synthesis 
problem with an LTL\q specification p does not guarantee that a control strategy exists for the 
continuous synthesis problem with the same specification. 

As indicated in Definition 2, $\hat{\mathcal{T}}$ requires the propositions of $\mathcal{T}$ to hold within a neighbourhood of radius $\delta$, which is more restrictive. This is because the discrete strategy only guarantees that a sequence of sampled states satisfies a given specification, and the parameter $\delta$ accounts for the possible mismatches of the inter-sample states. In addition, the robustness margin functions $\Gamma_i$ ($i = 1, 2$) are chosen to account for possible imperfections.

To formally reason about the correctness and robustness guarantees of solving the continuous 
synthesis problem by discrete synthesis using finite abstractions with robustness margins, the 
following theorem gives a sufficient condition for the realizability of the continuous synthesis 
problem by the realizability of the discrete synthesis problem. 
Theorem 1. Given a continuous-time control system $\mathcal{T}$, its $(\Gamma_1, \Gamma_2, \delta)$-abstraction $\hat{\mathcal{T}}$, and an LTL$_{\setminus\bigcirc}$ formula $\varphi$,

(i) (correctness) $\varphi$ being realizable for $\hat{\mathcal{T}}$ implies that $\varphi$ is realizable for $\mathcal{T}$, provided that, for all $(q, u, q') \in \to_{\hat{\mathcal{T}}}$,

$$\mathcal{R}_{u,\, \Omega^{-1}(q) \oplus B_{\Gamma_1(q)}}(\mathrm{dom}(u)) \subseteq B_\delta(q). \tag{3}$$

In particular, if $\hat{\mathcal{T}}$ satisfies $\varphi$ with $\hat{\sigma}$ and $Q_0$, then $\varphi$ is realizable for $\mathcal{T}$ using $X_0 = \bigcup_{q \in Q_0} \Omega^{-1}(q)$ and $\sigma(x_0, \cdots, x_i) = \hat{\sigma}(\Omega(x_0), \cdots, \Omega(x_i))$, where $x_0, \cdots, x_i$ is the sequence of measured states.

(ii) (robustness) if the system is subjected to the measurement delays and errors defined in (2), then the same statement holds true, provided additionally that the robustness margins $\Gamma_i$ ($i = 1, 2$) satisfy, for all $u \in A$ and $q \in Q$, $\Gamma_2(q) \ge \varepsilon$ and

$$\mathcal{R}_{u,\, \Omega^{-1}(q) \oplus B_\varepsilon}([0, \Delta]) \subseteq \Omega^{-1}(q) \oplus B_{\Gamma_1(q)}. \tag{4}$$

Proof: (i) The realizability of $\varphi$ for $\hat{\mathcal{T}}$ implies that there exist an initial set $Q_0$ and a discrete control strategy $\hat{\sigma}$ for $\hat{\mathcal{T}}$ such that all the possible controlled paths from any initial state in $Q_0$ satisfy $\varphi$ (note that $\hat{\mathcal{T}}$ is nondeterministic). We need to show the realizability of $\varphi$ for $\mathcal{T}$. For this purpose, we define an initial set $X_0 = \bigcup_{q \in Q_0} \Omega^{-1}(q)$ and a continuous control strategy by

$$\sigma(x_0, \cdots, x_i) = u_i = \hat{\sigma}(\Omega(x_0), \cdots, \Omega(x_i)),$$

where $x_0, \cdots, x_i$ is a sequence of measured states. We write $q_i = \Omega(x_i)$ for all $i \ge 0$ and apparently $q_0 \in Q_0$. In addition, we denote by $\tau_i$ the duration of $u_i$, and let $t_0 = 0$, $t_i = \sum_{k=0}^{i-1} \tau_k$, $i = 1, 2, \cdots$. Denote by $\xi$ the trajectory of $\mathcal{T}$ starting from $x_0$ under the control strategy $\sigma$ and by $\rho$ the path $q_0 q_1 q_2 \cdots$. This correspondence is illustrated by the diagram below:

[Diagram: the trajectory $\xi$ passes through $x(0), \ldots, x(t_i) \to x(t_{i+1})$ under $u_i$, while the path $\rho$ passes through $q_0, \ldots, q_i \to q_{i+1}$ under $u_i$, with $q_i = \Omega(x(t_i))$.]

The proof consists of two steps: (A) to show that the path $\rho = q_0 q_1 q_2 \cdots$ is a valid path in $\hat{\mathcal{T}}$ and, as a result, $\rho \models \varphi$; (B) to show from $\rho \models \varphi$ that $\xi \models \varphi$.
To show (A), note that, since $x(t_i) \in \Omega^{-1}(q_i)$ for all $i \ge 0$, we have

$$x(t_{i+1}) \in \mathcal{R}_{u_i,\, \Omega^{-1}(q_i) \oplus B_{\Gamma_1(q_i)}}(\tau_i).$$

It follows from the definition of the transitions of $\hat{\mathcal{T}}$ that $(q_i, u_i, q_{i+1}) \in \to_{\hat{\mathcal{T}}}$ for all $i \ge 0$.

To show (B), we prove $\xi \models \varphi$ from $\rho \models \varphi$ by induction on the form of LTL$_{\setminus\bigcirc}$ formulas. In fact, we will prove a stronger statement: for each $k \ge 0$, $\rho[k, \infty) \models \varphi$ implies that $\xi[t, \infty) \models \varphi$ for all $t \in [t_k, t_{k+1})$.

For $\varphi = \pi \in \Pi$, $\rho[k, \infty) \models \pi$ iff $\pi \in \hat{L}(q_k)$. Since, by (3),

$$x(t) \in \mathcal{R}_{u_k,\, \Omega^{-1}(q_k) \oplus B_{\Gamma_1(q_k)}}([0, \tau_k]) \subseteq B_\delta(q_k), \quad \forall t \in [t_k, t_{k+1}),$$

we have $\pi \in \hat{L}(q_k) \subseteq L(x(t))$, i.e., $\xi[t, \infty) \models \varphi = \pi$, for all $t \in [t_k, t_{k+1})$.

The cases for $\xi \models \varphi$ when $\varphi = \varphi_1 \wedge \varphi_2$ or $\varphi = \varphi_1 \vee \varphi_2$ are straightforward to prove. We focus on the case $\varphi = \varphi_1 \mathsf{U} \varphi_2$. Assume $\rho[k, \infty) \models \varphi$, which means that there exists some $j \ge k$ such that $\rho[j, \infty) \models \varphi_2$ and $\rho[i, \infty) \models \varphi_1$ for all $i$ such that $k \le i < j$. By the inductive assumption, we have $\xi[t, \infty) \models \varphi_2$ for all $t \in [t_j, t_{j+1})$ and $\xi[t, \infty) \models \varphi_1$ for all $t \in [t_i, t_{i+1})$ and all $i$ such that $k \le i < j$. This indeed implies that $\xi[t, \infty) \models \varphi = \varphi_1 \mathsf{U} \varphi_2$ for all $t \in [t_k, t_{k+1})$. The proof for the case $\varphi = \varphi_1 \mathsf{R} \varphi_2$ is similar and therefore omitted.

(ii) Now consider system (2) for robustness. The key difference now is that the measured states are delayed versions of the true states affected by noise. Denote by $\tilde{x}(t_i) \in B_\varepsilon(x(t_i))$ the measured value of $x(t_i)$ and let $q_i = \Omega(\tilde{x}(t_i))$ for all $i \ge 0$. The corresponding continuous control strategy becomes

$$\sigma(\tilde{x}(t_0), \cdots, \tilde{x}(t_i)) = u_i = \hat{\sigma}(q_0, \cdots, q_i).$$

Each control action $u_i$ is activated when the true state moves to $x(t_i)' = x(t_i + h(t_i))$. The correspondence between the evolution of the true trajectory and the sequence of measured states is illustrated in the following diagram:

[Diagram: the measured states $\tilde{x}(0), \ldots, \tilde{x}(t_i), \tilde{x}(t_{i+1})$ lie within $\varepsilon$ of the true states $x(0), \ldots, x(t_i), x(t_{i+1})$; the true trajectory moves from $x(t_i)$ to $x(t_i)'$ during the delay $h(t_i)$ and then to $x(t_{i+1})$ under $u_i$; the path $q_0, \ldots, q_i \to q_{i+1}$ follows the measured states.]
We still need to show the two steps (A) and (B) as in part (i). We start with (A), i.e., show that the path $\rho = q_0 q_1 q_2 \cdots$ is a valid path in $\hat{\mathcal{T}}$. Note that, according to (4), we have

$$x(t_i)' \in \mathcal{R}_{u_{i-1},\, \Omega^{-1}(q_i) \oplus B_\varepsilon}([0, \Delta]) \subseteq \Omega^{-1}(q_i) \oplus B_{\Gamma_1(q_i)}.$$

Therefore

$$x(t_{i+1}) \in \mathcal{R}_{u_i,\, \Omega^{-1}(q_i) \oplus B_{\Gamma_1(q_i)}}(\tau_i).$$

Since $\tilde{x}(t_{i+1}) \in B_\varepsilon(x(t_{i+1}))$ and $q_{i+1} = \Omega(\tilde{x}(t_{i+1}))$, we have $x(t_{i+1}) \in \Omega^{-1}(q_{i+1}) \oplus B_\varepsilon$. Considering that the transitions of $\hat{\mathcal{T}}$ are constructed according to Definition 2 with $\Gamma_2 \ge \varepsilon$, the transition $(q_i, u_i, q_{i+1})$ is indeed included in $\to_{\hat{\mathcal{T}}}$.

Proving step (B) by induction is similar to that for part (i). We prove the claim: for each $k \ge 0$, $\rho[k, \infty) \models \varphi$ implies that $\xi[t, \infty) \models \varphi$ for all $t \in [t_k, t_{k+1})$. Note that we have $t_k + h(t_k) \in [t_k, t_{k+1})$ and $t_{k+1} - t_k - h(t_k) = \tau_k$, the duration of $u_k$. We only prove the case for atomic propositions; the rest is similar to that for part (i).

For $\varphi = \pi \in \Pi$, $\rho[k, \infty) \models \pi$ iff $\pi \in \hat{L}(q_k)$. Note first that, by (4),

$$x(t) \in \mathcal{R}_{u_{k-1},\, \Omega^{-1}(q_k) \oplus B_\varepsilon}([0, \Delta]) \subseteq \Omega^{-1}(q_k) \oplus B_{\Gamma_1(q_k)} \subseteq B_\delta(q_k)$$

for all $t \in [t_k, t_k + h(t_k)]$. This and (3) further imply that

$$x(t) \in \mathcal{R}_{u_k,\, \Omega^{-1}(q_k) \oplus B_{\Gamma_1(q_k)}}([0, \tau_k]) \subseteq B_\delta(q_k)$$

for all $t \in [t_k + h(t_k), t_{k+1})$. Consequently, we have $\pi \in \hat{L}(q_k) \subseteq L(x(t))$, i.e., $\xi[t, \infty) \models \varphi = \pi$, for all $t \in [t_k, t_{k+1})$. $\square$


IV. Reachable Set Over-approximation Based on Linearization and Error Estimation

A key step in constructing the finite abstractions with robustness margins defined in the previous section is to compute the reachable sets of nonlinear systems. In practice, exact reachable sets of nonlinear systems are difficult to obtain and thus their approximations are usually computed. For example, reachable set over-approximation is implicitly required by the abstraction procedures in [12], where analytical bounds, usually obtained by Lyapunov-like functions, are used to roughly estimate the evolution of trajectories. A more precise computation of reachable sets has the potential to significantly reduce the spurious transitions in the abstraction.
In this section, we present a linearization-based method for the computation of reachable sets for nonlinear systems. For simplicity, we only consider constant control signals, which suffice for the computation of finite abstractions by the discretization-based methods to be discussed in Section V.


A. Reachable set computation for linear systems 

Consider a class of affine control systems of the form

$$\dot{x}(t) = Ax(t) + b + u(t), \tag{5}$$

where $b \in \mathbb{R}^n$ is a constant vector, $x(t) \in X$ is the state, $u(t) \in U$ is the control signal, and $U \subseteq \mathbb{R}^m$ is a compact convex set.

Similar to Definition 1, given an initial set of states $X_0 \subseteq X$, we denote by $\mathcal{R}^L_{X_0}(\tau)$ the set of states that are reachable at time $\tau \in \mathbb{R}_{\ge 0}$ under $U$, which is defined by

$$\mathcal{R}^L_{X_0}(\tau) := \{x(\tau) \in X \mid \dot{x}(t) = Ax(t) + b + u(t),\ \forall t \in [0, \tau],\ u(t) \in U,\ x(0) \in X_0\}.$$

The reachable tube over the interval $[0, \tau]$ is defined by

$$\mathcal{R}^L_{X_0}([0, \tau]) := \bigcup_{t \in [0, \tau]} \mathcal{R}^L_{X_0}(t).$$

Since the control input $u(t)$ is chosen arbitrarily from the set $U$, both the reachable set and the tube are difficult to compute exactly. For linear control systems, their convex over-approximations are used instead (see, e.g., Lemmas 1 and 2 in [17]). The convex hull of two convex sets, which is defined by

$$\mathrm{CH}(\mathcal{X}, \mathcal{Y}) = \{\lambda x + (1 - \lambda) y \mid x \in \mathcal{X},\ y \in \mathcal{Y},\ \lambda \in [0, 1]\},$$

is used to compute the reachable tube. For linear affine control systems, we give the following proposition to over-approximate the reachable sets and tubes.


Proposition 1. For a linear affine control system (5), given a compact convex set $X_0 \subseteq X$ and a time $\tau \in \mathbb{R}_{>0}$, let

$$Y(\tau) = e^{A\tau} X_0 \oplus \{G(A, \tau) b\} \oplus \tau U \oplus B_{\beta_\tau}, \qquad Y([0, \tau]) = \mathrm{CH}\big(X_0,\ Y(\tau) \oplus B_{\alpha_\tau + \gamma_\tau}\big), \tag{6}$$

where

$$\alpha_\tau = \big(e^{\tau\|A\|} - 1 - \tau\|A\|\big) \max_{x \in X_0} \|x\| \,\mathbf{1}, \qquad \beta_\tau = \big(e^{\tau\|A\|} - 1 - \tau\|A\|\big) \|A\|^{-1} \max_{u \in U} \|u\| \,\mathbf{1}, \qquad \gamma_\tau = \big(e^{\tau\|A\|} - 1 - \tau\|A\|\big) \|A\|^{-1} \|b\| \,\mathbf{1}, \tag{7}$$

with $\|\cdot\|$ the infinity norm, $\mathbf{1} \in \mathbb{R}^n$ the vector of ones, i.e., each element of it equals 1, and $G(A, \tau) := \int_0^\tau e^{A(\tau - t)}\, dt$. Then

$$\mathcal{R}^L_{X_0}(\tau) \subseteq Y(\tau), \qquad \mathcal{R}^L_{X_0}([0, \tau]) \subseteq Y([0, \tau]).$$

Proof: Denote by $x(t)$, $t \in [0, \tau]$, a trajectory of the system from an initial state $x_0 \in X_0$ under an input $u(t) \in U$, and

$$\begin{aligned} x(t) &= e^{tA} x_0 + \int_0^t e^{A(t - s)} b\, ds + \int_0^t u(s)\, ds + \int_0^t \big(e^{A(t - s)} - I\big) u(s)\, ds \\ &= e^{tA} x_0 + G(A, t) b + t u^*(t) + \int_0^t \big(e^{A(t - s)} - I\big) u(s)\, ds, \end{aligned}$$

where $u^*(t) = \frac{1}{t} \int_0^t u(s)\, ds \in U$ since $U$ is convex. We estimate $x(t)$ by $\hat{x}(t)$, which is given by

$$\hat{x}(t) = x_0 + \frac{t}{\tau}\big(e^{\tau A} - I\big) x_0 + \frac{t}{\tau} G(A, \tau) b + t u^*(t).$$

Then

$$\begin{aligned} \|x(t) - \hat{x}(t)\| &\le \Big\| e^{tA} x_0 - x_0 - \frac{t}{\tau}\big(e^{\tau A} - I\big) x_0 \Big\| + \Big\| G(A, t) b - \frac{t}{\tau} G(A, \tau) b \Big\| + \Big\| \int_0^t \big(e^{A(t - s)} - I\big) u(s)\, ds \Big\| \\ &\le \frac{t}{\tau}\big(\alpha_\tau + \gamma_\tau + \beta_\tau\big). \end{aligned}$$

This means there exists a vector $\tilde{x}(t)$ in $B_{\alpha_\tau + \gamma_\tau + \beta_\tau}$ such that

$$x(t) = \hat{x}(t) + \frac{t}{\tau}\tilde{x}(t) = \Big(1 - \frac{t}{\tau}\Big) x_0 + \frac{t}{\tau}\Big(e^{\tau A} x_0 + G(A, \tau) b + \tau u^*(t) + \tilde{x}(t)\Big). \tag{8}$$

Therefore

$$\mathcal{R}^L_{X_0}([0, \tau]) \subseteq \mathrm{CH}\big(X_0,\ e^{A\tau} X_0 \oplus \{G(A, \tau) b\} \oplus \tau U \oplus B_{\alpha_\tau + \gamma_\tau + \beta_\tau}\big) = Y([0, \tau]).$$

The state estimation error at time $\tau$ reduces to $\|x(\tau) - \hat{x}(\tau)\| \le \beta_\tau$ by setting $t = \tau$ in (8). Thus $\mathcal{R}^L_{X_0}(\tau) \subseteq e^{A\tau} X_0 \oplus \{G(A, \tau) b\} \oplus \tau U \oplus B_{\beta_\tau} = Y(\tau)$. $\square$

Remark 1. Proposition 1 differs from [17] in considering affine systems. Defining $v(t) := b + u(t)$, $v(t) \in V = \{b\} \oplus U$, the method in [17] can also be applied. Yet when $u(t)$ is small compared to $b$, the size of $Y(\tau)$ computed by Proposition 1 is smaller because of a smaller bloating parameter $\beta_\tau$.


B. Reachable set computation for nonlinear systems 

Reachable set over-approximation for nonlinear systems obtained by a global analytical function can be conservative. To obtain a relatively tighter over-approximation of the one-step reachable set of nonlinear systems, we can write the nonlinear system dynamics as the sum of its linearization in a local area and an approximation error term.

More specifically, for a nonlinear system (1) under a constant control input $u \in U$, the dynamics around a center point $x^* \in X$ can be approximated by its first-order Taylor expansion with a Lagrange remainder:

$$\dot{x}(t) = A_{x^*}\big(x(t) - x^*\big) + f(x^*, u) + d_{x^*}(t), \tag{9}$$

where $A_{x^*} = \partial f / \partial x |_{x^*}$, and $d_{x^*}(t) = (d_1(t), \cdots, d_n(t)) \in \mathbb{R}^n$ is the approximation error with

$$d_i(t) = \frac{1}{2}\big(x(t) - x^*\big)^T H_i(z_i(t)) \big(x(t) - x^*\big), \qquad H_i(z_i(t)) = \frac{\partial^2 f_i}{\partial x^2}\Big|_{z_i(t)},$$

and $z_i(t) \in B_{|x(t) - x^*|}(x^*)$.

If the system trajectory does not exceed a predefined linearization area $B_r(x^*)$, where $r \in \mathbb{R}^n_{>0}$, then $d_{x^*}(t)$ belongs to a convex set $\mathcal{D}_{x^*}(r)$ given by

$$\mathcal{D}_{x^*}(r) = \Big\{ d = (d_1, \ldots, d_n) \ \Big|\ d_i = \frac{1}{2} x^T H_i(z_i) x,\ x \in B_r,\ z_i \in B_r(x^*) \Big\}. \tag{10}$$

Defining $\tilde{x}(t) := x(t) - x^*$, (9) is in the form of (5). Thus, the reachable set and tube of the nonlinear control system (1) can be computed using Proposition 1 locally.


C. Reachable set computation using zonotopes 

Since set operations, such as linear transformation, addition and multiplication, are used extensively in the computation of reachable sets, a proper set representation can help expedite the computational process. To this end, the zonotope representation is attractive for its efficiency in the aforementioned set operations (see, e.g., [18], [19]).


Definition 3. A zonotope is a set represented as

$$Z := \Big\{ x \in \mathbb{R}^n \ \Big|\ x = c + \sum_{i=1}^{l} \lambda_i g^{(i)},\ \lambda_i \in [-1, 1] \Big\},$$

where $c, g^{(i)} \in \mathbb{R}^n$, $i = 1, 2, \ldots, l$, are called the central vector and the generators, respectively; $l$ is the number of generators. It is often denoted as $Z = (c, g^{(1)}, \ldots, g^{(l)})$.

The addition of two zonotopes $Z_1 = (c_1, g_1^{(1)}, \ldots, g_1^{(l_1)})$ and $Z_2 = (c_2, g_2^{(1)}, \ldots, g_2^{(l_2)})$ and the multiplication of a zonotope with a matrix $M \in \mathbb{R}^{m \times n}$ can be easily derived as

$$Z_1 \oplus Z_2 = \big(c_1 + c_2,\ g_1^{(1)}, \ldots, g_1^{(l_1)},\ g_2^{(1)}, \ldots, g_2^{(l_2)}\big), \qquad M Z_1 = \big(M c_1,\ M g_1^{(1)}, \ldots, M g_1^{(l_1)}\big).$$

For a zonotope with $l$ generators in $\mathbb{R}^n$, $l/n$ is called the order of the zonotope.


Example 2. The set $B_r$ with $r = (r_1, \cdots, r_n)$, $r_i \in \mathbb{R}_{>0}$, can be written in the form of a zonotope as

$$Z_{B_r} = \big(0,\ g_r^{(1)}, g_r^{(2)}, \cdots, g_r^{(n)}\big), \tag{11}$$

where $g_r^{(i)} \in \mathbb{R}^n$ is a vector with all the elements being zero except that the $i$th element is $r_i$, $i = 1, 2, \cdots, n$.

The approximation error $\mathcal{D}_{x^*}(r)$ as in (10) can be over-approximated using the quadratic map [14]. Instead of computing $H_i(z_i)$ for every $z_i \in B_r(x^*)$, we enclose it by an interval matrix $\mathcal{H}_i(x^*)$. Denote by $h_{ij}$ the element of the $i$th row and $j$th column of $\mathcal{H}_i(x^*)$; then $h_{ij} = [h^l_{ij}, h^u_{ij}]$, where $h^l_{ij}$ and $h^u_{ij}$ are the minimum and maximum values of $h_{ij}$ in the linearization area, respectively. Using $Z_{B_r}$ defined in (11), we can compute an over-approximation of $\mathcal{D}_{x^*}(r)$ by

$$\mathcal{D}_{x^*}(r) \subseteq \tilde{\mathcal{D}}_{x^*}(r) := \mathrm{quad}\big(\mathcal{H}(x^*), Z_{B_r}\big), \tag{12}$$

where $\mathrm{quad}(\cdot, \cdot)$ is the quadratic map defined in [14].


The convex hull of two zonotopes can be over-approximated by (see [13], [18] for more details)

$$\mathrm{CH}(Z_1, Z_2) \subseteq \frac{1}{2}\big(c_1 + c_2,\ g_1^{(1)} + g_2^{(1)}, \cdots, g_1^{(l)} + g_2^{(l)},\ c_1 - c_2,\ g_1^{(1)} - g_2^{(1)}, \cdots, g_1^{(l)} - g_2^{(l)}\big).$$
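As an added example (not code from the paper), the zonotope operations of Definition 3, the box zonotope of Example 2 and the convex-hull rule above, in pure Python. The function names and the sample sets are constructions of this example; `interval_hull` is included only to inspect results, and `zono_point` builds an explicit member of a zonotope from its coefficients $\lambda_i$.

```python
# Added example, not code from the paper: zonotope arithmetic (Definition 3, Example 2,
# and the convex-hull over-approximation). A zonotope is (centre, [generators]).
from typing import List, Tuple

Vec = List[float]
Zono = Tuple[Vec, List[Vec]]


def box_zonotope(r: Vec) -> Zono:
    """Z_{B_r} = (0, g_r^(1), ..., g_r^(n)) as in (11): generator i is r_i on axis i."""
    n = len(r)
    return ([0.0] * n, [[r[i] if j == i else 0.0 for j in range(n)] for i in range(n)])


def zono_add(z1: Zono, z2: Zono) -> Zono:
    """Minkowski sum Z1 (+) Z2: add the centres, concatenate the generator lists."""
    return ([a + b for a, b in zip(z1[0], z2[0])], z1[1] + z2[1])


def zono_linear_map(m: List[Vec], z: Zono) -> Zono:
    """M Z = (M c, M g^(1), ..., M g^(l)); M may be rectangular (m x n)."""
    mv = lambda v: [sum(row[j] * v[j] for j in range(len(v))) for row in m]
    return (mv(z[0]), [mv(g) for g in z[1]])


def zono_convex_hull(z1: Zono, z2: Zono) -> Zono:
    """Zonotope enclosing CH(Z1, Z2) when both have l generators:
    1/2 (c1+c2, g1^(i)+g2^(i), ..., c1-c2, g1^(i)-g2^(i), ...), i.e. 2l+1 generators."""
    (c1, g1), (c2, g2) = z1, z2
    if len(g1) != len(g2):
        raise ValueError("the hull rule needs equally many generators (pad with zero generators)")
    half = lambda v: [0.5 * x for x in v]
    plus = lambda x, y: [a + b for a, b in zip(x, y)]
    minus = lambda x, y: [a - b for a, b in zip(x, y)]
    gens = [half(plus(x, y)) for x, y in zip(g1, g2)]
    gens.append(half(minus(c1, c2)))
    gens += [half(minus(x, y)) for x, y in zip(g1, g2)]
    return (half(plus(c1, c2)), gens)


def zono_point(z: Zono, lambdas: List[float]) -> Vec:
    """The member c + sum_i lambda_i g^(i) of Z for coefficients lambda_i in [-1, 1]."""
    c, gens = z
    return [c[i] + sum(l * g[i] for l, g in zip(lambdas, gens)) for i in range(len(c))]


def interval_hull(z: Zono) -> Tuple[Vec, Vec]:
    """Tightest box B_r(c) containing Z: r_i = sum_k |g^(k)_i| (for inspecting results)."""
    c, gens = z
    return (c, [sum(abs(g[i]) for g in gens) for i in range(len(c))])


def demo_hull() -> Zono:
    """Constructed sample: the hull of a shifted box and its image under a constructed
    matrix, as used when enclosing a reachable tube by CH(X_0, Y(tau))."""
    x0 = zono_add(([0.5, 0.0], []), box_zonotope([0.04, 0.04]))
    m = [[1.0, 0.1], [-0.1, 1.0]]
    y = zono_add(([0.6, 0.1], []), zono_linear_map(m, box_zonotope([0.04, 0.04])))
    return zono_convex_hull(x0, y)
```

Why the hull rule is sound for equally many generators can be read off `zono_point`: a member of $Z_1$ with coefficients $\lambda$ is the member of the hull zonotope with coefficients $(\lambda, 1, \lambda)$, and a member of $Z_2$ the one with $(\lambda, -1, -\lambda)$, so both zonotopes are contained in it.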

To sum up, we give the following proposition, which aims to over-approximate the local 
reachable sets of nonlinear systems using zonotopes. 


Proposition 2. Given a nonlinear control system $\mathcal{T}$, the function $\Gamma_1 : X \to \mathbb{R}^n_{\ge 0}$, an abstraction map $\Omega : X \to Q$ and a finite set of constant control actions $A$, for any $q \in Q$ and $u \in A$ with $u(t) = u \in U$, $\forall t \in [0, \tau]$, denote

$$X_q = \Omega^{-1}(q) \oplus B_{\Gamma_1(q)}, \qquad \tilde{X}_q = \{-q\} \oplus X_q. \tag{13}$$

The reachable set and tube $\mathcal{R}_{u, X_q}(\tau)$ and $\mathcal{R}_{u, X_q}([0, \tau])$ can be over-approximated by the sets $\tilde{\mathcal{R}}_{u, X_q}(\tau)$ and $\tilde{\mathcal{R}}_{u, X_q}([0, \tau])$, respectively, which are computed by

$$\tilde{\mathcal{R}}_{u, X_q}(\tau) = \{q\} \oplus Y(\tau), \tag{14}$$

and

$$\tilde{\mathcal{R}}_{u, X_q}([0, \tau]) = \{q\} \oplus \mathrm{CH}\big(\tilde{X}_q,\ Y(\tau) \oplus B_{\alpha_\tau + \gamma_\tau}\big), \tag{15}$$

where

$$Y(\tau) = e^{A_q \tau} \tilde{X}_q \oplus \{G(A_q, \tau) f(q, u)\} \oplus \tau \tilde{\mathcal{D}}_q(r) \oplus B_{\beta_\tau},$$

and $\alpha_\tau$, $\beta_\tau$, $\gamma_\tau$, $G(A_q, \tau)$ are defined as in Proposition 1.
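As an added example serving both Proposition 1 (Section IV.A) and Proposition 2 above, and not code from the paper: the affine reachable-set and tube enclosure with the bloating terms of (7), applied locally to the pendulum of Section VI. Assumptions made in this example: the pendulum is read as $\dot{x}_1 = x_2$, $\dot{x}_2 = -(g/l)\sin x_1 - (k/m)x_2 + u$ with the constants of Section VI; sets are kept as boxes (order-1 zonotopes), the image $e^{A\tau}\tilde{X}_q$ is replaced by its interval hull and CH by the box hull, both coarser but still sound; an interval evaluation of the Lagrange remainder stands in for the quad map of [14]; and all function names, the grid size and the inputs used below are constructed.

```python
# Added example, not code from the paper: Proposition 1 (affine reachable set/tube with the
# bloating terms of (7)) applied locally as in Proposition 2 to the pendulum of Section VI,
# read as x1' = x2, x2' = -(g/l) sin x1 - (k/m) x2 + u with the constants given there.
# Simplifications of this example: sets are boxes (centre, half-widths); e^{A tau} X_0 is
# replaced by its interval hull and CH by the box hull (both still sound); an interval bound
# on the Lagrange remainder replaces quad() of [14]. Pure Python, no numpy.
import math

def mat_mul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))] for i in range(len(a))]

def mat_vec(a, v):
    return [sum(x * y for x, y in zip(row, v)) for row in a]

def mat_lin(s, a, b):  # s*a + b
    return [[s * x + y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def eye(n, s=1.0):
    return [[s if i == j else 0.0 for j in range(n)] for i in range(n)]

def inf_norm(a):
    return max(sum(abs(x) for x in row) for row in a)

def exp_and_g(a, tau, terms=20):
    """e^{A tau} and G(A,tau) = int_0^tau e^{As} ds: Taylor series on a halved step h, then
    doubling via e^{2hA} = e^{hA} e^{hA} and G(A,2h) = G(A,h) + e^{hA} G(A,h)."""
    n, h, s = len(a), tau, 0
    while inf_norm(a) * h > 0.5:
        h, s = h / 2, s + 1
    zero, e, te, g, tg = eye(n, 0.0), eye(n), eye(n), eye(n, h), eye(n, h)
    for k in range(1, terms + 1):          # te = A^k h^k / k!,  tg = A^k h^(k+1) / (k+1)!
        te, tg = mat_lin(h / k, mat_mul(te, a), zero), mat_lin(h / (k + 1), mat_mul(tg, a), zero)
        e, g = mat_lin(1.0, te, e), mat_lin(1.0, tg, g)
    for _ in range(s):
        g, e = mat_lin(1.0, mat_mul(e, g), g), mat_mul(e, e)
    return e, g

def box_add(p, q):
    return ([x + y for x, y in zip(p[0], q[0])], [x + y for x, y in zip(p[1], q[1])])

def box_hull(p, q):
    lo = [min(c1 - r1, c2 - r2) for c1, r1, c2, r2 in zip(*p, *q)]
    hi = [max(c1 + r1, c2 + r2) for c1, r1, c2, r2 in zip(*p, *q)]
    return ([(l + h) / 2 for l, h in zip(lo, hi)], [(h - l) / 2 for l, h in zip(lo, hi)])

def box_contains(b, x, tol=1e-9):
    return all(abs(xi - ci) <= ri + tol for xi, ci, ri in zip(x, *b))

def box_subset(inner, outer, tol=1e-9):
    return all(abs(ci - co) + ri <= ro + tol for ci, ri, co, ro in zip(*inner, *outer))

def affine_reach(a, b, x0, u, tau):
    """Proposition 1 for x' = A x + b + u(t), u(t) in U: boxes enclosing Y(tau) and Y([0, tau])."""
    n, na = len(a), inf_norm(a)
    phi = math.exp(tau * na) - 1.0 - tau * na
    ratio = phi / na if na > 0 else 0.0
    alpha = phi * max(abs(c) + r for c, r in zip(*x0))        # (7): max_{x in X0} ||x||
    beta = ratio * max(abs(c) + r for c, r in zip(*u))        # (7): max_{u in U}  ||u||
    gamma = ratio * max(abs(v) for v in b)                    # (7): ||b||
    e_at, g_at = exp_and_g(a, tau)
    y = (mat_vec(e_at, x0[0]), mat_vec([[abs(x) for x in row] for row in e_at], x0[1]))  # hull of e^{A tau} X0
    y = box_add(y, (mat_vec(g_at, b), [0.0] * n))                      # (+) {G(A,tau) b}
    y = box_add(y, ([tau * c for c in u[0]], [tau * r for r in u[1]]))  # (+) tau U
    y_tau = box_add(y, ([0.0] * n, [beta] * n))                        # (+) B_beta
    y_tube = box_hull(x0, box_add(y_tau, ([0.0] * n, [alpha + gamma] * n)))  # CH(X0, Y(tau) (+) B_{alpha+gamma})
    return y_tau, y_tube

G_ACC, L_ROD, M_MASS, K_FRIC = 9.8, 5.0, 0.5, 3.0   # constants of Section VI

def pendulum_f(x, u):
    return [x[1], -(G_ACC / L_ROD) * math.sin(x[0]) - (K_FRIC / M_MASS) * x[1] + u]

def pendulum_jacobian(q):
    return [[0.0, 1.0], [-(G_ACC / L_ROD) * math.cos(q[0]), -(K_FRIC / M_MASS)]]

def pendulum_error_box(q, r):
    """Box enclosing D_q(r) of (10): only f_2 is nonlinear, and H_2 has the single entry
    (g/l) sin z_1, so |d_2| <= 1/2 (g/l) max|sin z_1| r_1^2 over z_1 in [q_1 - r_1, q_1 + r_1]."""
    lo, hi = q[0] - r[0], q[0] + r[0]
    s_max = max(abs(math.sin(lo)), abs(math.sin(hi)))
    if math.floor((hi - math.pi / 2) / math.pi) >= math.ceil((lo - math.pi / 2) / math.pi):
        s_max = 1.0                                  # the interval contains a peak of |sin|
    return ([0.0, 0.0], [0.0, 0.5 * (G_ACC / L_ROD) * s_max * r[0] ** 2])

def local_reach(q, u, eta, gamma1, r, tau):
    """(13)-(15): reachable set and tube from X_q = B_{eta/2 + Gamma_1(q)}(q) under constant u,
    linearised at q, with the remainder set D_q(r) playing the role of U in Proposition 1."""
    x_tilde = ([0.0, 0.0], [e / 2 + g for e, g in zip(eta, gamma1)])   # X~_q = {-q} (+) X_q
    y_tau, y_tube = affine_reach(pendulum_jacobian(q), pendulum_f(q, u), x_tilde, pendulum_error_box(q, r), tau)
    shift = lambda box: ([c + qi for c, qi in zip(box[0], q)], box[1])  # {q} (+) .
    return shift(y_tau), shift(y_tube)

def rk4_trajectory(x0, u, tau, steps=200):
    """Reference trajectory of the true nonlinear pendulum, for checking the enclosures."""
    h, x, traj = tau / steps, list(x0), [list(x0)]
    for _ in range(steps):
        k1 = pendulum_f(x, u)
        k2 = pendulum_f([xi + h / 2 * ki for xi, ki in zip(x, k1)], u)
        k3 = pendulum_f([xi + h / 2 * ki for xi, ki in zip(x, k2)], u)
        k4 = pendulum_f([xi + h * ki for xi, ki in zip(x, k3)], u)
        x = [xi + h / 6 * (p + 2 * q + 2 * s + t) for xi, p, q, s, t in zip(x, k1, k2, k3, k4)]
        traj.append(list(x))
    return traj
```

Calling `local_reach([-0.3, 0.1], -0.81, [0.02, 0.02], [0.0, 0.0], [0.04, 0.04], 0.02)` returns the enclosures of the reachable set and tube from the cell around the state used in Section VI under the torque $u = -0.81$ for two sampling periods; `box_subset(tube, (q, r))` is the check that the tube stays inside the linearization area $B_r(q)$, which Section V requires before the enclosure may be used, and trajectories from `rk4_trajectory` started at the corners of $X_q$ stay inside both boxes.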


V. Computation of Abstraction by Discretization and Zonotope Representation

In this section, we discuss how to construct finite abstractions with robustness margins by 
grid-based discretization. 
A. Grid-based discretization

Consider uniform parameters $\eta \in \mathbb{R}^n_{>0}$, $\mu \in \mathbb{R}^m_{>0}$ and a fixed sampling time $\tau_s \in \mathbb{R}_{>0}$. Let $Q = [X]_\eta$ be the set of states in $\hat{\mathcal{T}}$. In this case, $\Omega^{-1}(q) \oplus B_{\Gamma_i(q)} = B_{\eta/2 + \Gamma_i(q)}(q)$ ($i = 1, 2$). Using zonotopes with order 1, $X_q$ and $\tilde{X}_q$ in (13) become

$$X_q = \big(q,\ g_q^{(1)}, g_q^{(2)}, \cdots, g_q^{(n)}\big), \qquad \tilde{X}_q = \big(0,\ g_q^{(1)}, g_q^{(2)}, \cdots, g_q^{(n)}\big),$$

where $g_q^{(i)} \in \mathbb{R}^n$ is a vector with all the elements zero except the $i$th element being $\eta_i/2 + \Gamma_1(q)$, $i = 1, 2, \cdots, n$.

The set of control actions $A$ only contains the control signals that take values in $[U]_\mu$ and whose time durations are integral multiples of $\tau_s$. Since the computation of reachable sets and tubes is only valid within the linearization area $B_r(q)$, the time duration and the value of the control signals should be determined to make sure that the transitions only take place inside it. Furthermore, in order to satisfy Theorem 1, this area should belong to $B_\delta(q)$; in other words, $r \le \delta$.


B. Algorithm for computing transitions 

The algorithm for computing transitions is designed to collect all the valid transitions under a grid-based discretization according to Theorem 1. The main steps are devoted to solving the key problem of determining the valid control signal duration $\tau = k\tau_s$, $k \in \mathbb{N}$ (if it exists), for each element in $[U]_\mu$ and each state in $Q$.

Similar to a lazy control strategy, which means that the control action is kept the same for as long as possible, we choose $\tau = \tau_{\max}$, where $\tau_{\max}$ is the maximum time of a control signal under which the system remains within a predefined linearization area. A practical consideration for this is that a short time duration can potentially introduce spurious self-transitions that do not exist in the original continuous system.

For simplicity of implementation, we use $\hat{\tau}_{\max} = p^* \tau_s$, $p^* \in \mathbb{N}$, as an under-approximation of $\tau_{\max}$, and approach it iteratively using a lower bound $a$ and an upper bound $b$ ($a, b \in \mathbb{N}$ and $a < b$). The initial guess equals the upper bound $b$. If the reachable set is fully inside the linearization area, which means $p^* \ge b$, the bounds shift to $[b, b + (b - a)]$; if the reachable set has already moved outside the region, the bounds shrink to $[a, \,\cdot\,]$. Considering the situation that reachable sets shrink around the equilibria, i.e., $\tau_{\max} = \infty$, we set an upper limit $N \in \mathbb{N}$ for $p$.

Algorithm 1 sketches the computation of transitions in a $(\Gamma_1, \Gamma_2, \delta)$-abstraction. For system (1), we can use constant margins satisfying $\Gamma_1, \Gamma_2 \ge 0$. For system (2), $\Gamma_2 \ge \varepsilon$ can be set as a constant, whereas the margin $\Gamma_1$ is not predefined but chosen adaptively according to (4).

VI. Comparison with Lyapunov-based Approximation 

We analyze the performance of the controllers synthesized using finite abstractions with robustness margins on two examples: the pendulum system (7) and the automatic cruise control system (8).

A. Pendulum 

The pendulum model considered here is

$$\dot{x}_1 = x_2, \qquad \dot{x}_2 = -\frac{g}{l}\sin x_1 - \frac{k}{m}x_2 + u,$$

$$g = 9.8, \quad l = 5, \quad m = 0.5, \quad k = 3,$$

where $u \in U = [-1, 0]$ and $x \in X = [-0.5, 0] \times [-0.2, 0.2]$; $u$ is the normalized control torque, and $x_1$, $x_2$ represent the angle (rad) and the angular rate (rad/s), respectively. The angle is measured from the vertical line to the current ball position, with the counter-clockwise direction taken as positive. The constants $g$, $l$, $m$, $k$ denote the gravitational acceleration, rod length, mass, and friction coefficient, respectively.

The specification is given by the LTL$\setminus\bigcirc$ formula $\varphi = \square\varphi_s \wedge \lozenge\square\varphi_t$ with $\varphi_s = X$ and $\varphi_t = [-0.3, -0.2] \times [-0.05, 0.05]$, i.e., the state must always remain in $X$ and eventually stay in the target box. In our simulation, the abstraction parameters are $\tau_s = 0.01$ s, $r = [0.04; 0.04]$, $\eta = [0.02; 0.02]$, $\mu = 0.01$. As shown in Fig. 1 (left), the controlled system trajectory satisfies the given specification.

On the other hand, we fail to generate a controller from the abstraction based on the Lyapunov-like method, as a result of its greater conservatism. We also compare the number of transitions produced by the different reachable set computation methods. With the same partition, applying the control torque $u = -0.81$ at the state $x_1 = -0.3$, $x_2 = 0.1$, the number of post states computed by our method is 4, while it is 49 using the Lyapunov-based method. As shown in Fig. 1 (right), the one-step reachable set computed using our method is smaller than that using the Lyapunov-based method.

Algorithm 1 Computation of the transitions $\{\to_T\}$ in a $(\Gamma_1, \Gamma_2, \delta)$-abstraction $T$

Require: $r$, $\tau_s$, $[U]_\mu$, $Q$ and $\Delta$, $\varepsilon$ ($\Delta = 0$, $\varepsilon = 0$ for (1))

1: $\Gamma_1 = \varepsilon$, $\Gamma_2 = \varepsilon$, $\to_T = \emptyset$
2: for all $q \in Q$ do
3:   for all $u \in A$ do
4:     Compute $f_u$, $A$ and $V_u(r)$ by (9) and (12)
5:     $X_0' = \emptyset$
6:     for all $v \in A$ do
7:       $X_0' = X_0' \cup \mathcal{R}_{v, B_{\eta/2+\varepsilon}(q)}([0, \Delta])$
8:     end for
9:     Choose $\Gamma_1$ s.t. $X_0' \subseteq B_{\eta/2+\Gamma_1}(q)$
10:    $X_0 = B_{\eta/2+\Gamma_1}(q)$, $X_R = \emptyset$
11:    $p = p_0$, $a = 0$, $b = p$
12:    while $(a \ne b) \wedge (p > 0) \wedge (p \le N)$ do
13:      Compute $\mathcal{R}_{u,X_0}(p\tau_s)$ and $\mathcal{R}_{u,X_0}([0, p\tau_s])$
14:      if $\mathcal{R}_{u,X_0}([0, p\tau_s]) \subseteq B_r(q)$ then
15:        $X_R = \mathcal{R}_{u,X_0}(p\tau_s)$
16:        $p = 2b - a$, $a = b$, $b = p$
17:      else
18:        $p = \lfloor (a+b)/2 \rfloor$, $b = p$
19:      end if
20:    end while
21:    $\tau = a\tau_s$
22:    if $B_{\eta/2+\Gamma_2}(q') \cap X_R \ne \emptyset$ then
23:      $\to_T = \to_T \cup \{(q, (u, \tau), q')\}$
24:    end if
25:  end for
26: end for
27: return $\{\to_T\}$



Fig. 1. Left: the trajectories of the controlled pendulum system states and the corresponding control signal. Right: comparison of one-step reachable sets generated by the two methods: region I is the linearization region $B_r(q)$; region II is the initial set of states; region III is the over-approximation of the reachable set obtained by the proposed linearization-based method; region IV is the over-approximation of the reachable set obtained from an analytical bound using Lyapunov-based methods.


B. Automatic cruise control 

Consider the longitudinal dynamics of automatic cruise control

$$\dot{v} = u - c_0 - c_1 v^2,$$

where $v \in [20, 30]$, $u \in [-1.5, 1]$, $c_0 = 0.1$, and $c_1 = 0.00016$.

To design a controller satisfying the specification $\varphi = \square(v \le 30) \wedge \lozenge\square(v \in [22, 24])$, we set $\tau_s = 0.3$ s, $r = 0.6$, $\eta = 0.1$, $\mu = 0.2$. In the simulations, the system is subject to a maximum delay $\Delta = 0.01$ s and a measurement error bound $\varepsilon = 0.1$ m/s. We construct three different abstractions: i) one without robustness margins; ii) one with uniform robustness margins (as defined in [12]); iii) one with varying robustness margins (as defined in this paper). Fig. 2 presents the simulation results of the cruise control system under the controllers synthesized from the first and the third abstractions, respectively. As observed in Fig. 2 (left), the speed leaves the target range as time elapses because the first abstraction cannot counteract delays or measurement errors, whereas the result from the third abstraction, shown on the right of Fig. 2, is satisfactory. To compare the second and the third abstractions, we look at their transitions around the state $v = 21.4$ m/s under the control input $u = 0.15$. The second abstraction has 30 transitions, whereas the third one has only 20. In fact, due to its greater conservatism, the second abstraction is not able to produce a controller during control synthesis.

[Fig. 2: two panels plotting $v$ (m/sec), vertical axis from 20 to 25, against $t$ (sec), horizontal axis from 0 to 500.]

Fig. 2. Controlled state evolution synthesized from an abstraction with (right) and without (left) local robustness margins.




VII. Conclusion 

In this paper, we considered the problem of constructing finite abstractions for nonlinear systems that are suitable for synthesizing robust controllers. A notion of finite abstractions with robustness margins that vary with the local dynamics was formally defined. One main contribution of our work is the use of local reachable set computation techniques for computing the finite transitions, which reduces the degree of nondeterminism in the abstractions. The local reachable sets are computed by linearization together with an estimate of the linearization error. As illustrated by the numerical examples, the abstractions generated by the proposed method contain fewer spurious transitions than those obtained from Lyapunov-based methods and are therefore more likely to render the control synthesis problem realizable. Future work will combine the abstraction procedures presented in this paper, which take local dynamics into account, with automated refinement procedures to mitigate the potential state explosion problem.